This Chinese Hacking Team Goes After Satellite Makers

The Justice Department last month indicted five Chinese hackers with economic espionage and trade secret theft.

Associated Press

The Chinese military since 2007 has built a computer espionage unit that targets foreign governments, defense and space companies according to the security firm Crowdstrike.

In a new report, Crowdstrike offers details on how China’s hacking-industrial complex extends far beyond the five military officers indicted by the Justice Department last month. Some activity is highly centralized and directly controlled by the military, as detailed in the indictment. Other groups appear to work as makeshift defense contractors that try to break into foreign networks after clocking out of mundane day jobs, former U.S. officials and security researchers said.

The Crowdstrike report focused on a Shanghai unit with an interest in satellite technology. Known as the 12th Bureau of the People’s Liberation Army’s Third Department, it also goes by Unit 61486, according to a 2011 report from the Project 2049 Institute, an Asia-focused U.S. think tank run by former U.S. military officers.

The five Chinese nationals indicted by the Obama administration worked in the Third Department’s Second Bureau, known as Unit 61398, which focuses on the U.S. and Canada, according to Project 2049.

The New York Times previously reported on Crowdstrike’s findings. Neither mentioned a specific victim of the group. Crowdstrike said the hackers have stolen designs for satellites and aerospace technology, among other things.

On Tuesday, a spokesman for the Chinese embassy in Washington said Crowdstrike’s report is “one-sided” and its “findings are based on unprovable, fabricated evidence.” The spokesman said the report “looks like an advertisement of Crowdstrike for its own commercial interests.”

The report also shed light on how U.S. firms can collect rich dossiers on foreign hackers. In this case, one military officer appeared to use his personal email address to register a site used in government hacks. Through that email address, Crowdstrike found pictures posted online of empty rice liquor bottles, a birthday celebration and a slim, young man doing pull-ups in front of a military officer.

- This post has been updated to include comment from the Chinese embassy.